What’s the Downside to EFS?

With roaming profiles, both the Encrypting File System (EFS) certificate used to encrypt the file encryption key (FEK) and the private key used to decrypt the FEK reside on a central server, where user profiles also reside. The user profiles, in turn, are copied to each machine that the user logs on to, either locally or through Kerberos delegation. This setup poses a serious potential security risk. If an intruder can log on to a system as one of your users, that intruder will be able to obtain the certificates and keys used to protect files and use those certificates and keys on any system in the network. Even if an intruder can’t log on as a user, he or she might be able to circumvent the usual file-system permissions that protect profiles, then defeat the mechanisms that the OS employs to protect the user’s certificate and key stores. Although it’s unlikely that an intruder could carry out such an attack now, the explosive growth in computing power will probably require that EFS evolve to mitigate such a threat in the future.